Mostly about my amusement

September 30, 2009

SSL certs for free and not self signed?

I may have been under a rock lately. I saw on Reddit that Microsoft Internet Explorer 8 supported StartSSL certificates. So as a goof I signed up at https://www.startssl.com/ and applied for a free server certificate.

I generated via their web page a certificate for blog.dembowski.net, installed it on my apache server and started using it. Firefox complained that I’m not certified as I have not validated who I am. That’s reasonable and very X.509v3 of them.

Internet Explorer 8 used the SSL cert for my server without a single hiccup. Other than my WordPress mixing http and https on the same page, there were no complaints. Internet Explorer just used the SSL cert without any problems.

I use SSL certs for privacy and not for identity, so self-signed SSL certs that I have generated are no big deal for me. But having a Microsoft browser not complain about my SSL web site is surreal.

Edit: Oh. Turns out you also need to follow these instructions. I added SSLCertificateChainFile to my conf and on my other laptop Firefox does not complain at all now. Chrome works like a charm too.

How did I find out about my misconfiguration? Because I received this e-mail from StartSSL this morning:

This mail is intended for the person who owns a digital certificate issued by the StartSSL™ Certification Authority (http://www.startssl.com/).

It seems, that the installation of your server certificate with serial number 45568 for blog.dembowski.net is not complete! You should add the intermediate CA certificate to your installation. This is important, because most browsers will issue an error if this is not properly done. Please consult the installation instructions at http://www.startssl.com/?app=20 on how to do that. The missing certificate can be obtained from http://www.startssl.com/certs/sub.class1.server.ca.pem

— Best Regards

StartCom Ltd. StartSSL™ Certification Authority

So after I applied for a cert, they reached out to check if I installed it correctly. For Free. How cool is that?
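The e-mail above is about a missing intermediate: the server sent only its own certificate, so a browser trusting just the root had no path to it. As an added example (not code from this post or from StartSSL), the following shell script reproduces that situation with a throwaway three-tier chain built locally with openssl and shows that validation only succeeds once the intermediate is supplied, which is what SSLCertificateChainFile does for Apache. The CA names, the hostname blog.example.net and the file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Builds root -> intermediate ->
# server with openssl in a scratch directory and checks whether a client that
# trusts only the root can validate the server certificate with and without
# the intermediate. All names below are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_chain() {
  # Root CA: self-signed, CA:TRUE, signs with SHA-256
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=demo-root" \
    -keyout "$WORK/root.key" -out "$WORK/root.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" -sha256 -days 365 \
    -extfile "$WORK/ca.ext" -out "$WORK/root.crt" 2>/dev/null
  # Intermediate (sub) CA, signed by the root, same CA extensions
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=demo-sub" \
    -keyout "$WORK/sub.key" -out "$WORK/sub.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/sub.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
    -set_serial 1001 -sha256 -days 365 -extfile "$WORK/ca.ext" -out "$WORK/sub.crt" 2>/dev/null
  # Server certificate, signed only by the intermediate (like a StartSSL Class 1 cert)
  openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=blog.example.net" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:blog.example.net\n' > "$WORK/server.ext"
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/sub.crt" -CAkey "$WORK/sub.key" \
    -set_serial 1002 -sha256 -days 365 -extfile "$WORK/server.ext" -out "$WORK/server.crt" 2>/dev/null
}

# check_install <intermediate.pem|none>: prints "complete" if a verifier that
# trusts only root.crt can build a path to server.crt, else "incomplete".
# "none" models the original setup (no SSLCertificateChainFile); a file path
# models Apache sending that intermediate alongside the server certificate.
check_install() {
  if [ "$1" = none ]; then
    result=$(openssl verify -CAfile "$WORK/root.crt" "$WORK/server.crt" 2>&1 || true)
  else
    result=$(openssl verify -CAfile "$WORK/root.crt" -untrusted "$1" "$WORK/server.crt" 2>&1 || true)
  fi
  # Match on the printed verdict rather than the exit code, which older
  # OpenSSL releases did not set on failure.
  case "$result" in
    *": OK"*) echo complete ;;
    *)        echo incomplete ;;
  esac
}

make_chain
echo "without intermediate: $(check_install none)"
echo "with intermediate:    $(check_install "$WORK/sub.crt")"
```

The `-untrusted` file plays the role of the SSLCertificateChainFile: the browser already trusts the root, and the server has to hand it the intermediate so it can link the two. Against a live server the same check is `openssl s_client -connect host:443 -showcerts`, which prints every certificate the server actually sends.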

Jan Dembowski

David

I’ve no connection with StartCom other than as a satisfied customer, but I am impressed with Eddy Nigg (the CTO) and what he is doing.

The only major browser that lacks StartSSL support now is Opera; Eddy is trying to work with Opera to resolve that.

Free DV (domain validated) certificates last for a year, and can be renewed free of charge after that. At this level, server certificates can only contain a single domain name.

Revocation of free certificates is strongly discouraged and is very hard to obtain; you are usually asked to use another (sub) domain name instead. This is to keep the size of the Certificate Revocation List down. This doesn’t just affect you in the case of a compromised certificate – if you lose your private key, you can’t have another certificate on that domain name until the existing one expires.

The next step up – though it’s still Class 1 – is a Web of Trust certificate. The difference between this and the regular free certificate is that it contains your name and location – a so-called IV (individual verification) certificate.

For this, you have to have your documents verified by two StartSSL notaries. At the moment, this is tricky, because there aren’t many notaries. I don’t believe people are well educated about this yet – I’m a notary and I haven’t had any requests for verification. With the closure of the Thawte Web of Trust later this year and the unlikelihood of CAcert getting major browser recognition any time soon as their auditor has resigned, I believe StartSSL’s Web of Trust will become the premier Web of Trust on the Internet. Thawte only offered client certificates (useful for authentication to web servers and for S/MIME email), whereas StartSSL offers server certificates.

The next step up is to become verified direct with StartCom. At Verified level, you can have wild card, multiple domain name (UCC) and code signing certificates. Revocation is easier to obtain if you need it. You must be verified to get Web of Trust notary status.

Verification costs US$29.90 a year (double that if you want your organisation verified as well, as you have to be individually verified first). You pay for the verification, not for each certificate, which I believe is much fairer, as it is performing the verification that costs the CA money. Each individual and organisational verification lasts a year – you can continue to obtain Verified certificates for the full year. Eddy has Twittered that from next week, new Verified certificates will last two years, though I’m not sure whether the verifications will last two years as well.

The process is pretty straightforward – you upload high quality scans of two identity documents (a passport is preferred, together with another government ID such as a driving licence) and pay the fee online by credit or debit card. Once you’ve done this, StartCom attempt to verify your location and ID via third-party sources – typically a phone directory. You then get a quick phone call from StartCom to verify yourself – in my case, it was Eddy who called me. If phone verification is impossible because you’re not in the phone directory, StartCom will mail you a letter containing a verification code that you input on the web site.

The code signing support is particularly useful. Code signing certificates were previously almost impossible to obtain for an individual and were extremely pricey, too.

Some of the major Firefox authors have started to sign their extensions using StartSSL code signing certificates. Unfortunately, a bug in Firefox still means that “(Author not verified)” is shown when installing an add-on signed by a code signing certificate issued to an individual, but hopefully this will be resolved.

Code signing is also possible with Java, though the StartSSL certificate isn’t in the CA bundle included with Java and has to be installed manually.

EV is available from StartSSL at a reasonable price if you can meet the requirements for an EV certificate. These can only be issued to bona fide organisations.

Eddy seems to be trying to redefine security on the Internet.

There’s no reason to use self-signed certificates any more, so long as a 1 year lifetime is acceptable, and you can meet the minimum requirements (2048 bit key size minimum and using a hash other than MD5).

The minimum requirements mean that you can’t use StartSSL with some embedded devices such as routers, networked UPSes and server management cards – many of these only support 1024 bit keys or MD5 signatures. I have a Dell DRAC 5 card with a StartSSL certificate on it, though you have to mess around at the DRAC’s command line to switch it to 2048 bit keys. DRAC 4 will allow 2048 bit keys but insists on an MD5 signature, sadly.

Test and Intranet servers can have a ‘real’ certificate when it’s free, though all servers must be using a ‘real’ domain name. StartCom’s CPS forbids issuing certificates to other than a domain on the public Internet. If you have a local DNS server, that’s not going to be a problem.

With a modern version of OpenSSL, Apache 2.2.12 onwards supports Server Name Indication. This allows an SSL capable web server to run several virtual hosts each with their own certificate – something that was previously impossible. The catch is that you have to have an SNI capable browser – Firefox and Opera are capable, as is Internet Explorer on Vista onwards (Windows XP won’t get the necessary updated crypto components as there’s too many other changes needed). This makes SSL virtual hosting possible at last – no longer do you need a dedicated IP address per certificate. Throw in free certificates from StartSSL, and it makes security much more accessible.

Because StartSSL verification is so cheap, there’s little excuse to have a DV certificate like StartSSL Free on any server where you might want to verify the identity of the owner.

Though most web users don’t understand this, SSL is about more than ‘getting the padlock’ and encryption – it’s about verifying the identity of the server and its operator. Unfortunately even reputable e-commerce sites run with DV certificates because of the expense and hassle of getting an IV (individual verification) or OV (organisational verification) certificate. If you don’t need the other benefits of StartSSL Verified, you can get IV for nothing via the Web of Trust.

The cost of StartCom EV is low, too – even when it jumps to the likely non-beta price of US$199 a year. Though EV is impossible for sites not run by bona fide organisations, hopefully the low price encourages more e-commerce sites to switch to EV.

The use of client certificates for S/MIME and authentication to servers has never been that popular, which is a shame in these times of so much phishing and online identity fraud.

My Subversion servers all use client certificates for authentication, and I have the option of signing my outgoing email and receiving incoming encrypted email when appropriate. As I’m at the Verified level, signed email shows my name and location.
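The embedded-device caveat in the comment above (1024-bit keys, MD5 signatures) is easy to check against an existing certificate before applying for a replacement. As an added example, not from the comment or from StartCom, this shell script reads the key size and signature algorithm out of a certificate with openssl and applies the minimum the comment states. The two throwaway self-signed certificates and their hostnames are constructed for the demonstration, with the 1024-bit one standing in for a device that cannot do better.

```shell
#!/bin/sh
# Added example, not from the original page. Checks a PEM certificate against
# the minimum quoted above: key of at least 2048 bits and a signature hash
# other than MD5. The certificates generated here are constructed test data.
set -eu

WORK2=$(mktemp -d)
trap 'rm -rf "$WORK2"' EXIT

# A compliant server certificate and an embedded-device style one (1024-bit key).
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "/CN=server.example.net" \
  -keyout "$WORK2/ok.key" -out "$WORK2/ok.crt" 2>/dev/null
openssl req -x509 -newkey rsa:1024 -nodes -sha256 -days 30 -subj "/CN=drac.example.net" \
  -keyout "$WORK2/weak.key" -out "$WORK2/weak.crt" 2>/dev/null

# cert_key_bits <pem>: public key size in bits, taken from the text dump
# (the line reads "Public-Key: (2048 bit)" or "RSA Public-Key: (2048 bit)").
cert_key_bits() {
  openssl x509 -noout -text -in "$1" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_sig_alg <pem>: signature algorithm name, e.g. sha256WithRSAEncryption
cert_sig_alg() {
  openssl x509 -noout -text -in "$1" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# meets_minimum <pem>: prints "ok" or a one-line reason for rejection
meets_minimum() {
  bits=$(cert_key_bits "$1")
  alg=$(cert_sig_alg "$1")
  if [ -z "$bits" ]; then
    echo "reject: could not read key size"
    return
  fi
  if [ "$bits" -lt 2048 ]; then
    echo "reject: ${bits}-bit key"
    return
  fi
  case "$alg" in
    md5*|*MD5*) echo "reject: MD5 signature ($alg)"; return ;;
  esac
  echo ok
}

echo "ok.crt:   $(meets_minimum "$WORK2/ok.crt")"
echo "weak.crt: $(meets_minimum "$WORK2/weak.crt")"
```

The same two fields are what a CA looks at when it rejects a CSR, so running this over a device's current certificate tells you in advance whether it is the key size, the hash, or both that stand in the way.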

Nelson B

So, for free, you not only got a server certificate that validates in IE and Firefox, you also got a service that checked your installation, found that your certificate was incompletely installed, and sent you an email telling you how to correct that.

Amazing! Does any other CA offer that service (checking your installation after you get the cert, and advising you about it) AT ANY PRICE?

As the world starts to catch on to the fact that there is now a free source of server certs that are valid in IE, and free email certs that work in all major email clients (at the same time that Thawte has stopped distributing free email certs), I think StartSSL is going to experience growth in demand for their certs, perhaps greater than any other certificate issuer has ever experienced. I hope they can keep up with the growing demand and remain in business. I fear that it takes lots of money to buy additional servers to meet all that additional demand, money that doesn’t come from giving away your product! I wish them luck and success.

Domger

Sorry, but there is still NO support for IE browsers < IE9 (IE6, IE7, IE8) on the Windows XP operating system. Not even if you update your OS via the Windows Update function. For XP users M$ is offering an updater.exe (lol!) – ask google.

On Vista and Win7 there is no problem with IE browser support for StartSSL Certs. -Domger

Domger

Sorry, but your answer does not really satisfy me and all the customers visiting the shops and websites I maintain. Many visitors / users are still on WinXP and most of them are also still using an IE < version 9. So there is a real problem and, relating to this, one cannot say that using StartSSL certificates on IE works like a charm, too.

Sorry for any misunderstanding. While I am looking for conversation (this is a blog after all), it wasn’t my intention to satisfy anyone.

I am a StartSSL customer. I don’t work for them and do not represent StartSSL or anyone else for that matter. I use their certificates, I’m content, and will continue to represent that on my blog.

The updated code needed to support any new CA, as well as updated SNI TLS support, is part of the Microsoft Windows XP operating system. Microsoft stopped supporting and has abandoned that version of Windows. It’s been out of support for years. If you use IE on Windows XP then it’s a dubious platform.

If people do not want or are unable to update their software or operating environment then that’s their business. No SSL certificate provider can solve that issue, certainly not StartSSL.